I’ve been thinking about/programming this for a day or two now. Here is my progress/thoughts thus far.
No downloads yet, not quite ready for public testing.
Directory navigation appears to be working.
Loose plans for this project:
Virtual Internet, No actual packets sent.
Random Hosts generate from templates over time. Linux/Win/Android
Actual encryption will be used, Actual cracking will be done.
Ability to takeover random hosts and use them as C&C for in game virus, file dump, or just an infected host
Generate funds in game from botnets, spam, viruses and stealing bitcoin
Will use historical exploits like RPC, DCOM, Sasser, Nimda, SQLi, IIS, Apache and others. All scripted/virtual. No actual packets or exploit code.
Random hosts will have multiple patch levels as you progress thru the game.
Ideally … This can eventually evolve into a multiplayer project.
In theory if i reserve like a million IP’s for ‘players’ and new players get granted a unique IP upon first entrance into a ‘network’ — this could all work via a server. Players could hack other players 🙂 Botnets could fight each other
Primary way to connect to other machines will be SSH i think, File transfers handled over TFTP. Still need to implement a process list.
First ‘mission’ will be to download and install a TFTP server.
Second mission will be to scan a pre-selected host. install a proxy on it. (using tftp) host will be windows with a blank password. Success on connecting to the tutorial box from an ip that is not your own.
Third mission is to steal a botnet and some viruses that have infected the host from the previous mission. botnet cannot be deployed yet. viruses not implemented/coded yet
Fourth mission is to join a hacking crew, this crew allows you to use their c&c server and explains basic of config/deploy of botnet. You also get access to bitcoin/bitcoin wallets and income per second.
That’s more or less my thinking at the moment
hosts file is now generating upon registration. You get ARIN added automatically. ARIN gets updated when new hosts are generated. To get a global lists of all hosts …. hack ARIN 🙂
Going to put a few ‘servers’ in the game like a social network or a game server. generated hosts will connect to these servers from time to time, exposing their ip. hacking a social network or game host will be another easier way to find hosts.
Thoughts for later in the game… You have to hexedit the game itself to progress past a certain point
I’ve got shelf code for most encryption types from tools I’ve written to break said encryption types. Will have NTLM generating for in game windows hosts soon. Will get placed into a SAM file in the appropriate location per host
If i can keep the formatting close enough to real life. I think I should be able to include real tools/binaries like John the Ripper and l0phtcrack. Keep those as portable/standalone installs outside of a game accessible directory and use a script/flag in game to call them with hardcoded parameters with a few variables.
I could probably make it place the output in the users in game /home/ dir too.
This could be part game and part educational tool. It’s shaping up to be accurate enough to teach real skills 🙂
More ideas for my #HackerSim
You have a ‘hat color’ that changes depending on which missions or actions you complete in the game. Naturally these colors will be white hat, gray hat and black hat. Lending itself to at least 3 different ‘endings’ for the game.
It’s still looking very possible that I’ll be able to wrap the entire game around Winsock Events and make this actually work online.
Setting up a proxychain will be the main method of ‘bouncing’ – Just like hackers used to do before Tor. Hell I could even put in a virtual tor 😛 Make things a bit less tedious later in the game as credentials expire and proxies are discovered/removed.
I don’t like the idea of a continuous money per second for no reason. All money generated in the game will require a resource to be tapped or task to be completed. Will likely have BTC, A BTC Exchange and $ and a Bank. Both of which can be hacked. To keep $ secure forever you have to use offline cold storage btc wallet … just like real life 😛